Legal

Privacy Policy

Last updated: June 7, 2026

1. Who We Are

SprintOS is a terminal-first project management tool developed and maintained by Miguel Angel Jaramillo Muñoz. This Privacy Policy describes how SprintOS handles data when you use the software, the website at sprintos.dev, or any associated cloud services.

For any privacy-related questions, contact: varmiguemunoz@gmail.com

2. Self-Hosted vs. Cloud

SprintOS is self-hosted by default. When you run SprintOS on your own infrastructure — whether a local machine, VPS, or managed PostgreSQL provider (Supabase, Neon, Railway) — all data including projects, tasks, sprints, time logs, comments, and team members is stored exclusively in your database. We have no access to it.

The Supporter tier cloud features involve SprintOS-managed infrastructure. For those users only, the data practices in sections 3–6 apply.

3. Data We Collect

GitHub OAuth (all users)

Authentication is handled via GitHub OAuth. We request read-only access to your public profile (username, display name, avatar URL) and your primary email address for account identification. We do not request write access to your repositories, issues, or pull requests unless you explicitly enable the GitHub sync integration.

Cloud backup (Supporter tier)

If you activate cloud backup, we store an encrypted snapshot of your SprintOS database schema and data. Your database connection string is encrypted at rest using AES-256 and is never logged or exposed in plaintext.

Website analytics

The SprintOS website uses Vercel Analytics, which collects anonymised page view counts and performance metrics. It does not use cookies, does not fingerprint browsers, and does not collect personally identifiable information from visitors.

4. How We Use Your Data

  • Authenticate your identity via GitHub OAuth and maintain your session.
  • Associate your account with your SprintOS organisation and team.
  • Deliver cloud backup and real-time team sync features (Supporter tier only).
  • Send transactional emails for account events such as team invitations (if SMTP is configured by you).
  • Measure aggregate website usage to improve performance (anonymous only).

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

5. Third-Party Integrations

SprintOS optionally integrates with the following services, each initiated by you and governed by their own privacy policies:

GitHub Issue and PR sync
Slack / Discord Notification webhooks
Zapier / Make Outbound webhooks
Supabase / Neon / Railway Database hosting

6. Data Retention & Deletion

Self-hosted: All data retention is controlled entirely by you. Delete your database and all SprintOS data is gone.

Cloud (Supporter tier): Your data is retained for the duration of your account. Upon written request to varmiguemunoz@gmail.com, all cloud-stored data will be permanently deleted within 30 days.

7. Security

All data in transit is encrypted via TLS 1.2+. Cloud backup data is encrypted at rest with AES-256. API keys generated by sprintos api-key create are hashed before storage and displayed only once at creation time. We perform regular dependency audits and follow responsible disclosure practices. To report a security issue, email varmiguemunoz@gmail.com.

8. Your Rights

Depending on your jurisdiction, you may have the right to access, rectify, port, or erase your personal data. To exercise any of these rights, contact:

mail varmiguemunoz@gmail.com

9. Changes to This Policy

We may update this Privacy Policy when the product changes meaningfully. Material updates will be announced in the SprintOS GitHub changelog . The "Last updated" date at the top of this page always reflects the current version.